[Bro] Exclude S0 connections from conn.log?
Mike Eriksson
mike at swedishmike.org
Mon Jul 17 01:19:46 PDT 2017
All,
I've been looking at cutting down the size of my logs and after some great
advice on this list one of the things that seems to help is to exclude S0
connections from conn.log.
I've been looking at doing this but sadly I'm still too much of a beginner
to get this to work so I was hoping that someone out there can give me some
guidance?
Basically what I'd like to achieve is for the script to not log any events
with a conn_state of S0 if the originating node is not in my local
networks.
If someone could give me some guidance on how to achieve this I'd be
forever grateful.
Thanks in advance, Mike
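
One way to do what the post asks, as an added example that is not part of the original message or the list's replies. It assumes Bro 2.x, where `Log::Filter` carries a `$pred` field, and that `Site::local_nets` is populated (for example from `networks.cfg` under BroControl).

```bro
# Added example, not from the original post.
# Assumption: Bro 2.x logging framework with Log::Filter$pred available.
@load base/protocols/conn
@load base/utils/site

# The conn stream and its default filter are created in a bro_init handler
# with priority 5, so this handler (default priority 0) runs after it.
event bro_init()
    {
    # Start from the default conn.log filter so path and writer stay unchanged.
    local f = Log::get_filter(Conn::LOG, "default");

    # The predicate returns F to drop a record and T to write it.
    f$pred = function(rec: Conn::Info): bool
        {
        # Drop only S0 connections whose originator is outside local networks.
        if ( rec?$conn_state && rec$conn_state == "S0" &&
             ! Site::is_local_addr(rec$id$orig_h) )
            return F;

        return T;
        };

    # Adding a filter whose name already exists replaces the existing one.
    Log::add_filter(Conn::LOG, f);
    }
```

With this filter, unanswered connection attempts from external hosts no longer appear in conn.log, so any inbound scan analysis that reads conn.log loses those records.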